From 608fca101cd2dd7259b468ab7b04dc5df0be40cb Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Sun, 11 Sep 2022 00:54:45 -0500 Subject: [PATCH] Update docs --- docs/clients-xauth-zh.md | 2 -- docs/clients-xauth.md | 2 -- docs/clients-zh.md | 2 -- docs/clients.md | 2 -- docs/ikev2-howto-zh.md | 16 ++++++++-------- docs/ikev2-howto.md | 16 ++++++++-------- docs/manage-users-zh.md | 4 ++-- docs/manage-users.md | 4 ++-- 8 files changed, 20 insertions(+), 28 deletions(-) diff --git a/docs/clients-xauth-zh.md b/docs/clients-xauth-zh.md index 1347f09..b802e9d 100644 --- a/docs/clients-xauth-zh.md +++ b/docs/clients-xauth-zh.md @@ -2,8 +2,6 @@ # 配置 IPsec/XAuth VPN 客户端 -**注:** 你也可以使用 [IKEv2](ikev2-howto-zh.md)(推荐)或者 [IPsec/L2TP](clients-zh.md) 模式连接。 - 在成功 [搭建自己的 VPN 服务器](../README-zh.md) 之后,按照下面的步骤来配置你的设备。IPsec/XAuth ("Cisco IPsec") 在 Android, iOS 和 OS X 上均受支持,无需安装额外的软件。Windows 用户可以使用免费的 [Shrew Soft 客户端](https://www.shrew.net/download/vpn)。如果无法连接,请首先检查是否输入了正确的 VPN 登录凭证。 IPsec/XAuth 模式也称为 "Cisco IPsec"。该模式通常能够比 IPsec/L2TP **更高效**地传输数据(较低的额外开销)。 diff --git a/docs/clients-xauth.md b/docs/clients-xauth.md index 56da14d..78f288a 100644 --- a/docs/clients-xauth.md +++ b/docs/clients-xauth.md @@ -2,8 +2,6 @@ # Configure IPsec/XAuth VPN Clients -**Note:** You may also connect using [IKEv2](ikev2-howto.md) (recommended) or [IPsec/L2TP](clients.md) mode. - After [setting up your own VPN server](https://github.com/hwdsl2/setup-ipsec-vpn), follow these steps to configure your devices. IPsec/XAuth ("Cisco IPsec") is natively supported by Android, iOS and OS X. There is no additional software to install. Windows users can use the free [Shrew Soft client](https://www.shrew.net/download/vpn). In case you are unable to connect, first check to make sure the VPN credentials were entered correctly. IPsec/XAuth mode is also called "Cisco IPsec". This mode is generally **faster than** IPsec/L2TP with less overhead. diff --git a/docs/clients-zh.md b/docs/clients-zh.md index 459dc62..63ff9b9 100644 
--- a/docs/clients-zh.md +++ b/docs/clients-zh.md @@ -2,8 +2,6 @@ # 配置 IPsec/L2TP VPN 客户端 -**注:** 你也可以使用 [IKEv2](ikev2-howto-zh.md)(推荐)或者 [IPsec/XAuth](clients-xauth-zh.md) 模式连接。 - 在成功 [搭建自己的 VPN 服务器](../README-zh.md) 之后,按照下面的步骤来配置你的设备。IPsec/L2TP 在 Android, iOS, OS X 和 Windows 上均受支持,无需安装额外的软件。设置过程通常只需要几分钟。如果无法连接,请首先检查是否输入了正确的 VPN 登录凭证。 --- diff --git a/docs/clients.md b/docs/clients.md index 7ca17ce..88e8fe2 100644 --- a/docs/clients.md +++ b/docs/clients.md @@ -2,8 +2,6 @@ # Configure IPsec/L2TP VPN Clients -**Note:** You may also connect using [IKEv2](ikev2-howto.md) (recommended) or [IPsec/XAuth](clients-xauth.md) mode. - After [setting up your own VPN server](https://github.com/hwdsl2/setup-ipsec-vpn), follow these steps to configure your devices. IPsec/L2TP is natively supported by Android, iOS, OS X, and Windows. There is no additional software to install. Setup should only take a few minutes. In case you are unable to connect, first check to make sure the VPN credentials were entered correctly. --- diff --git a/docs/ikev2-howto-zh.md b/docs/ikev2-howto-zh.md index 959d2ab..e00f158 100644 --- a/docs/ikev2-howto-zh.md +++ b/docs/ikev2-howto-zh.md @@ -2,12 +2,10 @@ # IKEv2 VPN 配置和使用指南 -**注:** 你也可以使用 [IPsec/L2TP](clients-zh.md) 或者 [IPsec/XAuth](clients-xauth-zh.md) 模式连接。 - * [导言](#导言) * [配置 IKEv2 VPN 客户端](#配置-ikev2-vpn-客户端) * [故障排除](#故障排除) -* [管理客户端证书](#管理客户端证书) +* [管理 IKEv2 客户端](#管理-ikev2-客户端) * [更改 IKEv2 服务器地址](#更改-ikev2-服务器地址) * [更新 IKEv2 辅助脚本](#更新-ikev2-辅助脚本) * [使用辅助脚本配置 IKEv2](#使用辅助脚本配置-ikev2) @@ -549,7 +547,7 @@ REG ADD HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters /v NegotiateDH2 Windows 自带的 VPN 客户端可能不支持 IKEv2 fragmentation(该功能[需要](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ikee/74df968a-7125-431d-9c98-4ea929e548dc) Windows 10 v1803 或更新版本)。在有些网络上,这可能会导致连接错误或其它连接问题。你可以尝试换用 [IPsec/L2TP](clients-zh.md) 或 [IPsec/XAuth](clients-xauth-zh.md) 模式。 -## 管理客户端证书 +## 管理 IKEv2 客户端 * [列出已有的客户端](#列出已有的客户端) * [添加客户端证书](#添加客户端证书) 
@@ -594,7 +592,7 @@ sudo ikev2.sh --exportclient [client name] **警告:** 这将**永久删除**客户端证书和私钥。此操作**不可撤销**! -如果要删除一个客户端证书: +如果要删除一个现有的客户端: ```bash sudo ikev2.sh --deleteclient [client name] @@ -635,7 +633,9 @@ sudo ikev2.sh --deleteclient [client name] ### 吊销客户端证书 -在某些情况下,你可能需要吊销一个之前生成的 VPN 客户端证书。要吊销证书,可以运行辅助脚本。 +在某些情况下,你可能需要吊销一个之前生成的 VPN 客户端证书。 + +如果要吊销一个现有的客户端: ```bash sudo ikev2.sh --revokeclient [client name] @@ -828,8 +828,8 @@ Options: --addclient [client name] add a new client using default options --exportclient [client name] export configuration for an existing client --listclients list the names of existing clients - --revokeclient [client name] revoke a client certificate - --deleteclient [client name] delete a client certificate + --revokeclient [client name] revoke an existing client + --deleteclient [client name] delete an existing client --removeikev2 remove IKEv2 and delete all certificates and keys from the IPsec database -h, --help show this help message and exit diff --git a/docs/ikev2-howto.md b/docs/ikev2-howto.md index 42ae9a1..70b8b0c 100644 --- a/docs/ikev2-howto.md +++ b/docs/ikev2-howto.md @@ -2,12 +2,10 @@ # Guide: How to Set Up and Use IKEv2 VPN -**Note:** You may also connect using [IPsec/L2TP](clients.md) or [IPsec/XAuth](clients-xauth.md) mode. - * [Introduction](#introduction) * [Configure IKEv2 VPN clients](#configure-ikev2-vpn-clients) * [Troubleshooting](#troubleshooting) -* [Manage client certificates](#manage-client-certificates) +* [Manage IKEv2 clients](#manage-ikev2-clients) * [Change IKEv2 server address](#change-ikev2-server-address) * [Update IKEv2 helper script](#update-ikev2-helper-script) * [Set up IKEv2 using helper script](#set-up-ikev2-using-helper-script) 
@@ -551,7 +549,7 @@ If using Windows 10 and the VPN is stuck on "connecting" for more than a few min The built-in VPN client in Windows may not support IKEv2 fragmentation (this feature [requires](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ikee/74df968a-7125-431d-9c98-4ea929e548dc) Windows 10 v1803 or newer). On some networks, this can cause the connection to fail or have other issues. You may instead try the [IPsec/L2TP](clients.md) or [IPsec/XAuth](clients-xauth.md) mode. -## Manage client certificates +## Manage IKEv2 clients * [List existing clients](#list-existing-clients) * [Add a client certificate](#add-a-client-certificate) @@ -596,7 +594,7 @@ First, read the important note above. Then click here for instructions. **Warning:** The client certificate and private key will be **permanently deleted**. This **cannot be undone**! -To delete a client certificate: +To delete an existing client: ```bash sudo ikev2.sh --deleteclient [client name] @@ -637,7 +635,9 @@ Alternatively, you can manually delete a client certificate. ### Revoke a client certificate -In certain circumstances, you may need to revoke a previously generated VPN client certificate. To revoke a certificate, run the helper script. +In certain circumstances, you may need to revoke a previously generated VPN client certificate. + +To revoke an existing client: ```bash sudo ikev2.sh --revokeclient [client name] @@ -830,8 +830,8 @@ Options: --addclient [client name] add a new client using default options --exportclient [client name] export configuration for an existing client --listclients list the names of existing clients - --revokeclient [client name] revoke a client certificate - --deleteclient [client name] delete a client certificate + --revokeclient [client name] revoke an existing client + --deleteclient [client name] delete an existing client --removeikev2 remove IKEv2 and delete all certificates and keys from the IPsec database -h, --help show this help message and exit 
diff --git a/docs/manage-users-zh.md b/docs/manage-users-zh.md index c3f9713..405603c 100644 --- a/docs/manage-users-zh.md +++ b/docs/manage-users-zh.md @@ -2,7 +2,7 @@ # 管理 VPN 用户 -在默认情况下,将只创建一个用于 VPN 登录的用户账户。如果你需要查看或管理 IPsec/L2TP 和 IPsec/XAuth ("Cisco IPsec") 模式的用户,请阅读本文档。对于 IKEv2,参见 [管理客户端证书](ikev2-howto-zh.md#管理客户端证书)。 +在默认情况下,将只创建一个用于 VPN 登录的用户账户。如果你需要查看或管理 IPsec/L2TP 和 IPsec/XAuth ("Cisco IPsec") 模式的用户,请阅读本文档。对于 IKEv2,参见 [管理 IKEv2 客户端](ikev2-howto-zh.md#管理-ikev2-客户端)。 * [使用辅助脚本管理 VPN 用户](#使用辅助脚本管理-vpn-用户) * [查看 VPN 用户](#查看-vpn-用户) @@ -11,7 +11,7 @@ ## 使用辅助脚本管理 VPN 用户 -你可以使用辅助脚本添加,删除或者更新 VPN 用户。它们将同时更新 IPsec/L2TP 和 IPsec/XAuth ("Cisco IPsec") 模式的用户。对于 IKEv2 模式,请参见 [管理客户端证书](ikev2-howto-zh.md#管理客户端证书)。 +你可以使用辅助脚本添加,删除或者更新 VPN 用户。它们将同时更新 IPsec/L2TP 和 IPsec/XAuth ("Cisco IPsec") 模式的用户。对于 IKEv2,参见 [管理 IKEv2 客户端](ikev2-howto-zh.md#管理-ikev2-客户端)。 **注:** 将下面的命令的参数换成你自己的值。VPN 用户信息保存在文件 `/etc/ppp/chap-secrets` 和 `/etc/ipsec.d/passwd`。脚本在修改这些文件之前会先做备份,使用 `.old-日期-时间` 为后缀。 diff --git a/docs/manage-users.md b/docs/manage-users.md index 14151ff..327682c 100644 --- a/docs/manage-users.md +++ b/docs/manage-users.md @@ -2,7 +2,7 @@ # Manage VPN Users -By default, a single user account for VPN login is created. If you wish to view or manage users for the IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes, read this document. For IKEv2, see [Manage client certificates](ikev2-howto.md#manage-client-certificates). +By default, a single user account for VPN login is created. If you wish to view or manage users for the IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes, read this document. For IKEv2, see [Manage IKEv2 clients](ikev2-howto.md#manage-ikev2-clients). * [Manage VPN users using helper scripts](#manage-vpn-users-using-helper-scripts) * [View VPN users](#view-vpn-users) 
@@ -11,7 +11,7 @@ By default, a single user account for VPN login is created. If you wish to view ## Manage VPN users using helper scripts -You may use helper scripts to add, delete or update VPN users for both IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes. For IKEv2 mode, see [Manage client certificates](ikev2-howto.md#manage-client-certificates). +You may use helper scripts to add, delete or update VPN users for both IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes. For IKEv2, see [Manage IKEv2 clients](ikev2-howto.md#manage-ikev2-clients). **Note:** Replace command arguments below with your own values. VPN users are stored in `/etc/ppp/chap-secrets` and `/etc/ipsec.d/passwd`. The scripts will backup these files before making changes, with `.old-date-time` suffix.
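Review bot: In the first hunk of docs/clients.md and docs/clients-xauth.md (and their -zh counterparts), the deleted `**Note:**` line was the only place in the visible context that told a reader IKEv2 is the recommended mode, and nothing replaces it. If that recommendation now lives somewhere else, the commit message should say where, since "Update docs" gives no reason for the removal. Otherwise keep a one-line pointer to ikev2-howto.md, so readers who land directly on the L2TP or XAuth page still see the recommended option.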
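Review bot: Renaming the heading in docs/ikev2-howto.md (hunks `@@ -2,12 +2,10 @@` and `@@ -551,7 +549,7 @@`) changes the generated anchor from `#manage-client-certificates` to `#manage-ikev2-clients`, and likewise `#管理客户端证书` to `#管理-ikev2-客户端` in the -zh file, so any link to the old anchor outside the eight files in this patch will stop resolving to the section. The TOC entry and the references in manage-users.md are updated here. Please search the rest of the repository for the old anchors in both languages before merging.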
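Review bot: In the `@@ -596,7 +594,7 @@` and `@@ -637,7 +635,9 @@` hunks of docs/ikev2-howto.md, the new lead-ins "To delete an existing client:" and "To revoke an existing client:" sit under sub-headings and TOC entries that still say "certificate" (`### Revoke a client certificate`, `[Add a client certificate]`), so the section now uses two terms for the same object. Either rename the sub-headings in the same patch or keep "certificate" in the lead-ins. For the revoke case I would keep it, because the sentence just above still says that what gets revoked is "a previously generated VPN client certificate". The same applies to the matching hunks in ikev2-howto-zh.md.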
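Review bot: The `Options:` block in the `@@ -830,8 +830,8 @@` hunk (and `@@ -828,8 +828,8 @@` in the -zh file) reads like the helper script's own `--help` output, yet this patch touches only files under docs/, so please confirm ikev2.sh prints the same new text for `--revokeclient` and `--deleteclient`. The new descriptions "revoke an existing client" and "delete an existing client" also no longer tell the operator how the two differ, while the section body still warns that delete permanently removes the certificate and private key. Consider wording that keeps the distinction, for example "revoke an existing client's certificate" and "delete an existing client's certificate and key".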